In case you haven't been following along, AWS ECS has improved dramatically since my first hands-on experience with it back in 2014. While still not as fully featured and certainly not as pluggable as Kubernetes, I believe that ECS is now the best choice for most containerized workloads. The integration with other services (IAM, ALB, ECR) are hard to accomplish with any other system, and you're relieved of any and all cluster management. And I would wager that it's easier to get security right with ECS than with any other container scheduler.